/*
 *  NFCSigning - Open source library for signing/validation of NDEF messages
 *  Copyright (C) 2009-2010 The NFCSigning Team
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
 *
 */
package org.nfcsigning.algorithm;

import org.nfcsigning.record.CertificateBytes;
import org.nfcsigning.record.SignatureField;
import org.nfcsigning.record.SignatureRecord;
import org.nfcsigning.record.URIRecord;
import org.bouncycastle.asn1.DERObjectIdentifier;
import org.bouncycastle.asn1.pkcs.RSAPrivateKeyStructure;
import org.bouncycastle.crypto.AsymmetricBlockCipher;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.params.RSAKeyParameters;
import org.bouncycastle.crypto.signers.PSSSigner;

//#ifdef MyJSR257
//# import my.javax.microedition.contactless.ndef.NDEFRecordType;
//#else
import javax.microedition.contactless.ndef.NDEFRecordType;
//#endif

/**
 *
 * @author Markus Kilås
 */
public class RSASSAPSSSigner extends Signer {

    private static final DERObjectIdentifier ALG_ID = new DERObjectIdentifier("1.2.840.113549.1.1.1");
    
    public RSASSAPSSSigner(PrivateKey privateKey, int certificateType, CertificateBytes[] chain, URIRecord certURI) {
        this(privateKey, certificateType, chain, certURI, SignatureRecord.RECORD_TYPE);
    }

    public RSASSAPSSSigner(PrivateKey privateKey, int certificateType, CertificateBytes[] chain, URIRecord certURI, NDEFRecordType signatureRecordType) {
        super(SignatureField.RSASSA_PSS, privateKey, certificateType, chain, certURI, signatureRecordType);

        if(!ALG_ID.equals(privateKey.getPrivateKeyInfo().getAlgorithmId().getObjectId())) {
            throw new WrongPrivateKeyAlgorithm("Private key algorithm is not RSA");
        }
    }
    
    public byte[] sign(byte[] coveredBytes) throws SignatureException, DataLengthException {
        try {
            return signUsingRSASSAPSS(coveredBytes, getPrivateKey());
        } catch (CryptoException ex) {
            ex.printStackTrace();
            throw new SignatureException(ex);
        }
    }

    static byte[] signUsingRSASSAPSS(byte[] coveredBytes, PrivateKey privKey) throws DataLengthException, CryptoException {
        
        RSAPrivateKeyStructure structure = RSAPrivateKeyStructure.getInstance(privKey.getPrivateKeyInfo().getPrivateKey());
        RSAKeyParameters privParameters = new RSAKeyParameters(true, structure.getModulus(), structure.getPrivateExponent());
        
        AsymmetricBlockCipher rsaEngine = new RSAEngine();
        rsaEngine.init(true, privParameters);
        
        Digest digest = DigestFactory.getDigest("SHA-1");
        
        PSSSigner signer = new PSSSigner(rsaEngine, digest, digest.getDigestSize());
        signer.init(true, privParameters);
        signer.update(coveredBytes, 0, coveredBytes.length);
        
        return signer.generateSignature();
    }
}
